Package org.codehaus.groovy.control.customizers

Class SecureASTCustomizer.SecuringCodeVisitor

java.lang.Object

org.codehaus.groovy.control.customizers.SecureASTCustomizer.SecuringCodeVisitor

All Implemented Interfaces:

GroovyCodeVisitor

Enclosing class:

SecureASTCustomizer

protected class SecureASTCustomizer.SecuringCodeVisitor
extends Object
implements GroovyCodeVisitor

This visitor directly implements the GroovyCodeVisitor interface instead of using the CodeVisitorSupport class to make sure that future features of the language gets managed by this visitor. Thus, adding a new feature would result in a compilation error if this visitor is not updated.

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	SecuringCodeVisitor()

Method Summary

Modifier and Type	Method	Description
protected void	assertExpressionAuthorized(Expression expression)	Checks that a given expression is either in the allowed list or not in the disallowed list.
protected void	assertStatementAuthorized(Statement statement)	Checks that a given statement is either in the allowed list or not in the disallowed list.
protected void	assertTokenAuthorized(Token token)	Checks that a given token is either in the allowed list or not in the disallowed list.
protected ClassNode	getExpressionType(ClassNode objectExpressionType)
void	visitArgumentlistExpression(ArgumentListExpression expression)	Visits an argument list expression (method arguments).
void	visitArrayExpression(ArrayExpression expression)	Visits an array expression.
void	visitAssertStatement(AssertStatement statement)	Visits an assert statement.
void	visitAttributeExpression(AttributeExpression expression)	Visits an attribute expression (object@property, accessing direct field without getters).
void	visitBinaryExpression(BinaryExpression expression)	Visits a binary expression (left op right).
void	visitBitwiseNegationExpression(BitwiseNegationExpression expression)	Visits a bitwise negation expression (~expr).
void	visitBlockStatement(BlockStatement block)	Visits a block statement (list of statements enclosed in braces).
void	visitBooleanExpression(BooleanExpression expression)	Visits a boolean expression.
void	visitBreakStatement(BreakStatement statement)	Visits a break statement.
void	visitBytecodeExpression(BytecodeExpression expression)	Visits a bytecode expression (direct JVM bytecode instructions).
void	visitCaseStatement(CaseStatement statement)	Visits a case clause within a switch statement.
void	visitCastExpression(CastExpression expression)	Visits a cast expression ((Type) expr).
void	visitCatchStatement(CatchStatement statement)	Visits a catch clause within a try-catch statement.
void	visitClassExpression(ClassExpression expression)	Visits a class expression.
void	visitClosureExpression(ClosureExpression expression)	Visits a closure expression.
void	visitClosureListExpression(ClosureListExpression closureListExpression)	Visits a closure list expression.
void	visitConstantExpression(ConstantExpression expression)	Visits a constant expression (literal value).
void	visitConstructorCallExpression(ConstructorCallExpression call)	Visits a constructor call expression.
void	visitContinueStatement(ContinueStatement statement)	Visits a continue statement.
void	visitDeclarationExpression(DeclarationExpression expression)	Visits a declaration expression (variable declaration with initialization).
void	visitDoWhileLoop(DoWhileStatement loop)	Visits a do-while loop statement.
void	visitEmptyStatement(EmptyStatement statement)	Visits an empty statement.
void	visitExpressionStatement(ExpressionStatement statement)	Visits an expression statement (an expression used as a statement).
void	visitFieldExpression(FieldExpression expression)	Visits a field expression.
void	visitForLoop(ForStatement forLoop)	Visits a for loop statement.
void	visitGStringExpression(GStringExpression expression)	Visits a GString expression (string with interpolations).
void	visitIfElse(IfStatement ifElse)	Visits an if-else statement.
void	visitLambdaExpression(LambdaExpression expression)	Visits a lambda expression.
void	visitListExpression(ListExpression expression)	Visits a list expression.
void	visitMapEntryExpression(MapEntryExpression expression)	Visits a map entry expression (key: value pair within a map).
void	visitMapExpression(MapExpression expression)	Visits a map expression.
void	visitMethodCallExpression(MethodCallExpression call)	Visits a method call expression.
void	visitMethodPointerExpression(MethodPointerExpression expression)	Visits a method pointer expression (object.&methodName).
void	visitMethodReferenceExpression(MethodReferenceExpression expression)	Visits a method reference expression (obj::method).
void	visitNotExpression(NotExpression expression)	Visits a not expression (!expr).
void	visitPostfixExpression(PostfixExpression expression)	Visits a postfix expression (expr op).
void	visitPrefixExpression(PrefixExpression expression)	Visits a prefix expression (op expr).
void	visitPropertyExpression(PropertyExpression expression)	Visits a property expression (object.property).
void	visitRangeExpression(RangeExpression expression)	Visits a range expression.
void	visitReturnStatement(ReturnStatement statement)	Visits a return statement.
void	visitShortTernaryExpression(ElvisOperatorExpression expression)	Visits an Elvis operator expression (shorthand ternary with implicit condition check).
void	visitSpreadExpression(SpreadExpression expression)	Visits a spread expression (*expr, spreading collection elements).
void	visitSpreadMapExpression(SpreadMapExpression expression)	Visits a spread map expression (*:map, spreading map entries).
void	visitStaticMethodCallExpression(StaticMethodCallExpression call)	Visits a static method call expression.
void	visitSwitch(SwitchStatement statement)	Visits a switch statement.
void	visitSynchronizedStatement(SynchronizedStatement statement)	Visits a synchronized statement.
void	visitTernaryExpression(TernaryExpression expression)	Visits a ternary expression (condition ? trueExpr : falseExpr).
void	visitThrowStatement(ThrowStatement statement)	Visits a throw statement.
void	visitTryCatchFinally(TryCatchStatement statement)	Visits a try-catch-finally statement.
void	visitTupleExpression(TupleExpression expression)	Visits a tuple expression (comma-separated expressions grouped in parentheses).
void	visitUnaryMinusExpression(UnaryMinusExpression expression)	Visits a unary minus expression (-expr).
void	visitUnaryPlusExpression(UnaryPlusExpression expression)	Visits a unary plus expression (+expr).
void	visitVariableExpression(VariableExpression expression)	Visits a variable expression.
void	visitWhileLoop(WhileStatement loop)	Visits a while loop statement.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.codehaus.groovy.ast.GroovyCodeVisitor

visit, visit, visitEmptyExpression, visitListOfExpressions

Constructor Details

SecuringCodeVisitor

protected SecuringCodeVisitor()

Method Details

assertStatementAuthorized

protected void assertStatementAuthorized(Statement statement)
                                  throws SecurityException

Checks that a given statement is either in the allowed list or not in the disallowed list.

Parameters:

statement - the statement to be checked

Throws:

SecurityException - if usage of this statement class is forbidden

assertExpressionAuthorized

protected void assertExpressionAuthorized(Expression expression)
                                   throws SecurityException

Checks that a given expression is either in the allowed list or not in the disallowed list.

Parameters:

expression - the expression to be checked

Throws:

SecurityException - if usage of this expression class is forbidden

getExpressionType

protected ClassNode getExpressionType(ClassNode objectExpressionType)

assertTokenAuthorized

protected void assertTokenAuthorized(Token token)
                              throws SecurityException

Checks that a given token is either in the allowed list or not in the disallowed list.

Parameters:

token - the token to be checked

Throws:

SecurityException - if usage of this token is forbidden

visitBlockStatement

public void visitBlockStatement(BlockStatement block)

Description copied from interface: GroovyCodeVisitor

Visits a block statement (list of statements enclosed in braces).

Specified by:

visitBlockStatement in interface GroovyCodeVisitor

Parameters:

block - the BlockStatement to process

visitForLoop

public void visitForLoop(ForStatement forLoop)

Description copied from interface: GroovyCodeVisitor

Visits a for loop statement.

Specified by:

visitForLoop in interface GroovyCodeVisitor

Parameters:

forLoop - the ForStatement to process

visitWhileLoop

public void visitWhileLoop(WhileStatement loop)

Description copied from interface: GroovyCodeVisitor

Visits a while loop statement.

Specified by:

visitWhileLoop in interface GroovyCodeVisitor

Parameters:

loop - the WhileStatement to process

visitDoWhileLoop

public void visitDoWhileLoop(DoWhileStatement loop)

Description copied from interface: GroovyCodeVisitor

Visits a do-while loop statement.

Specified by:

visitDoWhileLoop in interface GroovyCodeVisitor

Parameters:

loop - the DoWhileStatement to process

visitIfElse

public void visitIfElse(IfStatement ifElse)

Description copied from interface: GroovyCodeVisitor

Visits an if-else statement.

Specified by:

visitIfElse in interface GroovyCodeVisitor

Parameters:

ifElse - the IfStatement to process

visitExpressionStatement

public void visitExpressionStatement(ExpressionStatement statement)

Description copied from interface: GroovyCodeVisitor

Visits an expression statement (an expression used as a statement).

Specified by:

visitExpressionStatement in interface GroovyCodeVisitor

Parameters:

statement - the ExpressionStatement to process

visitReturnStatement

public void visitReturnStatement(ReturnStatement statement)

Description copied from interface: GroovyCodeVisitor

Visits a return statement.

Specified by:

visitReturnStatement in interface GroovyCodeVisitor

Parameters:

statement - the ReturnStatement to process

visitAssertStatement

public void visitAssertStatement(AssertStatement statement)

Description copied from interface: GroovyCodeVisitor

Visits an assert statement.

Specified by:

visitAssertStatement in interface GroovyCodeVisitor

Parameters:

statement - the AssertStatement to process

visitTryCatchFinally

public void visitTryCatchFinally(TryCatchStatement statement)

Description copied from interface: GroovyCodeVisitor

Visits a try-catch-finally statement.

Specified by:

visitTryCatchFinally in interface GroovyCodeVisitor

Parameters:

statement - the TryCatchStatement to process

visitEmptyStatement

public void visitEmptyStatement(EmptyStatement statement)

Description copied from interface: GroovyCodeVisitor

Visits an empty statement. Default implementation does nothing.

Specified by:

visitEmptyStatement in interface GroovyCodeVisitor

Parameters:

statement - the EmptyStatement to process

visitSwitch

public void visitSwitch(SwitchStatement statement)

Description copied from interface: GroovyCodeVisitor

Visits a switch statement.

Specified by:

visitSwitch in interface GroovyCodeVisitor

Parameters:

statement - the SwitchStatement to process

visitCaseStatement

public void visitCaseStatement(CaseStatement statement)

Description copied from interface: GroovyCodeVisitor

Visits a case clause within a switch statement.

Specified by:

visitCaseStatement in interface GroovyCodeVisitor

Parameters:

statement - the CaseStatement to process

visitBreakStatement

public void visitBreakStatement(BreakStatement statement)

Description copied from interface: GroovyCodeVisitor

Visits a break statement.

Specified by:

visitBreakStatement in interface GroovyCodeVisitor

Parameters:

statement - the BreakStatement to process

visitContinueStatement

public void visitContinueStatement(ContinueStatement statement)

Description copied from interface: GroovyCodeVisitor

Visits a continue statement.

Specified by:

visitContinueStatement in interface GroovyCodeVisitor

Parameters:

statement - the ContinueStatement to process

visitThrowStatement

public void visitThrowStatement(ThrowStatement statement)

Description copied from interface: GroovyCodeVisitor

Visits a throw statement.

Specified by:

visitThrowStatement in interface GroovyCodeVisitor

Parameters:

statement - the ThrowStatement to process

visitSynchronizedStatement

public void visitSynchronizedStatement(SynchronizedStatement statement)

Description copied from interface: GroovyCodeVisitor

Visits a synchronized statement.

Specified by:

visitSynchronizedStatement in interface GroovyCodeVisitor

Parameters:

statement - the SynchronizedStatement to process

visitCatchStatement

public void visitCatchStatement(CatchStatement statement)

Description copied from interface: GroovyCodeVisitor

Visits a catch clause within a try-catch statement.

Specified by:

visitCatchStatement in interface GroovyCodeVisitor

Parameters:

statement - the CatchStatement to process

visitMethodCallExpression

public void visitMethodCallExpression(MethodCallExpression call)

Description copied from interface: GroovyCodeVisitor

Visits a method call expression.

Specified by:

visitMethodCallExpression in interface GroovyCodeVisitor

Parameters:

call - the MethodCallExpression to process

visitStaticMethodCallExpression

public void visitStaticMethodCallExpression(StaticMethodCallExpression call)

Description copied from interface: GroovyCodeVisitor

Visits a static method call expression.

Specified by:

visitStaticMethodCallExpression in interface GroovyCodeVisitor

Parameters:

call - the StaticMethodCallExpression to process

visitConstructorCallExpression

public void visitConstructorCallExpression(ConstructorCallExpression call)

Description copied from interface: GroovyCodeVisitor

Visits a constructor call expression.

Specified by:

visitConstructorCallExpression in interface GroovyCodeVisitor

Parameters:

call - the ConstructorCallExpression to process

visitTernaryExpression

public void visitTernaryExpression(TernaryExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits a ternary expression (condition ? trueExpr : falseExpr).

Specified by:

visitTernaryExpression in interface GroovyCodeVisitor

Parameters:

expression - the TernaryExpression to process

visitShortTernaryExpression

public void visitShortTernaryExpression(ElvisOperatorExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits an Elvis operator expression (shorthand ternary with implicit condition check).

Specified by:

visitShortTernaryExpression in interface GroovyCodeVisitor

Parameters:

expression - the ElvisOperatorExpression to process

visitBinaryExpression

public void visitBinaryExpression(BinaryExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits a binary expression (left op right).

Specified by:

visitBinaryExpression in interface GroovyCodeVisitor

Parameters:

expression - the BinaryExpression to process

visitPrefixExpression

public void visitPrefixExpression(PrefixExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits a prefix expression (op expr).

Specified by:

visitPrefixExpression in interface GroovyCodeVisitor

Parameters:

expression - the PrefixExpression to process

visitPostfixExpression

public void visitPostfixExpression(PostfixExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits a postfix expression (expr op).

Specified by:

visitPostfixExpression in interface GroovyCodeVisitor

Parameters:

expression - the PostfixExpression to process

visitBooleanExpression

public void visitBooleanExpression(BooleanExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits a boolean expression.

Specified by:

visitBooleanExpression in interface GroovyCodeVisitor

Parameters:

expression - the BooleanExpression to process

visitClosureExpression

public void visitClosureExpression(ClosureExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits a closure expression.

Specified by:

visitClosureExpression in interface GroovyCodeVisitor

Parameters:

expression - the ClosureExpression to process

visitLambdaExpression

public void visitLambdaExpression(LambdaExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits a lambda expression.

Specified by:

visitLambdaExpression in interface GroovyCodeVisitor

Parameters:

expression - the LambdaExpression to process

visitTupleExpression

public void visitTupleExpression(TupleExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits a tuple expression (comma-separated expressions grouped in parentheses).

Specified by:

visitTupleExpression in interface GroovyCodeVisitor

Parameters:

expression - the TupleExpression to process

visitMapExpression

public void visitMapExpression(MapExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits a map expression.

Specified by:

visitMapExpression in interface GroovyCodeVisitor

Parameters:

expression - the MapExpression to process

visitMapEntryExpression

public void visitMapEntryExpression(MapEntryExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits a map entry expression (key: value pair within a map).

Specified by:

visitMapEntryExpression in interface GroovyCodeVisitor

Parameters:

expression - the MapEntryExpression to process

visitListExpression

public void visitListExpression(ListExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits a list expression.

Specified by:

visitListExpression in interface GroovyCodeVisitor

Parameters:

expression - the ListExpression to process

visitRangeExpression

public void visitRangeExpression(RangeExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits a range expression.

Specified by:

visitRangeExpression in interface GroovyCodeVisitor

Parameters:

expression - the RangeExpression to process

visitPropertyExpression

public void visitPropertyExpression(PropertyExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits a property expression (object.property).

Specified by:

visitPropertyExpression in interface GroovyCodeVisitor

Parameters:

expression - the PropertyExpression to process

visitAttributeExpression

public void visitAttributeExpression(AttributeExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits an attribute expression (object@property, accessing direct field without getters).

Specified by:

visitAttributeExpression in interface GroovyCodeVisitor

Parameters:

expression - the AttributeExpression to process

visitFieldExpression

public void visitFieldExpression(FieldExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits a field expression.

Specified by:

visitFieldExpression in interface GroovyCodeVisitor

Parameters:

expression - the FieldExpression to process

visitMethodPointerExpression

public void visitMethodPointerExpression(MethodPointerExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits a method pointer expression (object.&methodName).

Specified by:

visitMethodPointerExpression in interface GroovyCodeVisitor

Parameters:

expression - the MethodPointerExpression to process

visitMethodReferenceExpression

public void visitMethodReferenceExpression(MethodReferenceExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits a method reference expression (obj::method).

Specified by:

visitMethodReferenceExpression in interface GroovyCodeVisitor

Parameters:

expression - the MethodReferenceExpression to process

visitConstantExpression

public void visitConstantExpression(ConstantExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits a constant expression (literal value).

Specified by:

visitConstantExpression in interface GroovyCodeVisitor

Parameters:

expression - the ConstantExpression to process

visitClassExpression

public void visitClassExpression(ClassExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits a class expression.

Specified by:

visitClassExpression in interface GroovyCodeVisitor

Parameters:

expression - the ClassExpression to process

visitVariableExpression

public void visitVariableExpression(VariableExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits a variable expression.

Specified by:

visitVariableExpression in interface GroovyCodeVisitor

Parameters:

expression - the VariableExpression to process

visitDeclarationExpression

public void visitDeclarationExpression(DeclarationExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits a declaration expression (variable declaration with initialization).

Specified by:

visitDeclarationExpression in interface GroovyCodeVisitor

Parameters:

expression - the DeclarationExpression to process

visitGStringExpression

public void visitGStringExpression(GStringExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits a GString expression (string with interpolations).

Specified by:

visitGStringExpression in interface GroovyCodeVisitor

Parameters:

expression - the GStringExpression to process

visitArrayExpression

public void visitArrayExpression(ArrayExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits an array expression.

Specified by:

visitArrayExpression in interface GroovyCodeVisitor

Parameters:

expression - the ArrayExpression to process

visitSpreadExpression

public void visitSpreadExpression(SpreadExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits a spread expression (*expr, spreading collection elements).

Specified by:

visitSpreadExpression in interface GroovyCodeVisitor

Parameters:

expression - the SpreadExpression to process

visitSpreadMapExpression

public void visitSpreadMapExpression(SpreadMapExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits a spread map expression (*:map, spreading map entries).

Specified by:

visitSpreadMapExpression in interface GroovyCodeVisitor

Parameters:

expression - the SpreadMapExpression to process

visitNotExpression

public void visitNotExpression(NotExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits a not expression (!expr).

Specified by:

visitNotExpression in interface GroovyCodeVisitor

Parameters:

expression - the NotExpression to process

visitUnaryMinusExpression

public void visitUnaryMinusExpression(UnaryMinusExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits a unary minus expression (-expr).

Specified by:

visitUnaryMinusExpression in interface GroovyCodeVisitor

Parameters:

expression - the UnaryMinusExpression to process

visitUnaryPlusExpression

public void visitUnaryPlusExpression(UnaryPlusExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits a unary plus expression (+expr).

Specified by:

visitUnaryPlusExpression in interface GroovyCodeVisitor

Parameters:

expression - the UnaryPlusExpression to process

visitBitwiseNegationExpression

public void visitBitwiseNegationExpression(BitwiseNegationExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits a bitwise negation expression (~expr).

Specified by:

visitBitwiseNegationExpression in interface GroovyCodeVisitor

Parameters:

expression - the BitwiseNegationExpression to process

visitCastExpression

public void visitCastExpression(CastExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits a cast expression ((Type) expr).

Specified by:

visitCastExpression in interface GroovyCodeVisitor

Parameters:

expression - the CastExpression to process

visitArgumentlistExpression

public void visitArgumentlistExpression(ArgumentListExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits an argument list expression (method arguments).

Specified by:

visitArgumentlistExpression in interface GroovyCodeVisitor

Parameters:

expression - the ArgumentListExpression to process

visitClosureListExpression

public void visitClosureListExpression(ClosureListExpression closureListExpression)

Description copied from interface: GroovyCodeVisitor

Visits a closure list expression.

Specified by:

visitClosureListExpression in interface GroovyCodeVisitor

Parameters:

closureListExpression - the ClosureListExpression to process

visitBytecodeExpression

public void visitBytecodeExpression(BytecodeExpression expression)

Description copied from interface: GroovyCodeVisitor

Visits a bytecode expression (direct JVM bytecode instructions).

Specified by:

visitBytecodeExpression in interface GroovyCodeVisitor

Parameters:

expression - the BytecodeExpression to process